This release includes a number of fixes to OpenVPN, most of which affect Windows only.
OpenVPN 2.5 is a new major release with many new features:
- Client-specific tls-crypt keys (--tls-crypt-v2)
- Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN data channel
- Improved Data channel cipher negotiation
- Removal of BF-CBC support in default configuration
- Asynchronous (deferred) authentication support for auth-pam plugin
- Deferred client-connect
- Faster connection setup
- Netlink support
- Wintun support
- IPv6-only operation
- Improved Windows 10 detection
- Linux VRF support
- TLS 1.3 support
- Support setting DHCP search domain
- Handle setting of tun/tap interface MTU on Windows
- HMAC based auth-token support
- VLAN support
- Support building of .msi installers for Windows
- Allow unicode search string in --cryptoapicert option (Windows)
- Support IPv4 configs with /31 netmasks now
- New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
- MSI installer support (Windows)
- The MSI installer now bundles EasyRSA 3, a modern take on OpenVPN CA management
For generic help use these support channels:
- Official documentation
- Wiki
- Forums
- User mailing list
- User IRC channel: #openvpn at irc.freenode.net
- Community bug tracker
- Developer mailing list
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires Freenode registration)